drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in srtp
| Name: |
Pufferüberlauf in srtp |
|
| ID: |
DSA-2840-1 |
|
| Distribution: |
Debian |
|
| Plattformen: |
Debian sid, Debian squeeze, Debian wheezy, Debian jessie |
|
| Datum: |
Fr, 10. Januar 2014, 18:54 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2139 |
|
| Applikationen: |
libSRTP |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2840-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
January 10, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : srtp
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-2139
Debian Bug : 711163
Fernando Russ from Groundworks Technologies reported a buffer overflow
flaw in srtp, Cisco's reference implementation of the Secure Real-time
Transport Protocol (SRTP), in how the
crypto_policy_set_from_profile_for_rtp() function applies
cryptographic profiles to an srtp_policy. A remote attacker could
exploit this vulnerability to crash an application linked against
libsrtp, resulting in a denial of service.
For the oldstable distribution (squeeze), this problem has been fixed in
version 1.4.4~dfsg-6+deb6u1.
For the stable distribution (wheezy), this problem has been fixed in
version 1.4.4+20100615~dfsg-2+deb7u1.
For the testing distribution (jessie), this problem has been fixed in
version 1.4.5~20130609~dfsg-1.
For the unstable distribution (sid), this problem has been fixed in
version 1.4.5~20130609~dfsg-1.
We recommend that you upgrade your srtp packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJS0DBmAAoJEAVMuPMTQ89EDZoP+wX3KQU/9dnk67ngLC9c9asr
/i/zUaerW5rDG/pQkf94VAER+qac0TMZXN17bZzEvoui02lYU/kcSqNrmWx02J1C
+nzi3X8+BwcZcZnUYbpv4681iJDKOOcEsM8pNvQjavhiNHF78wL1QNstbMbv/HHT
EB8Q+eP4EJOmYwnHthOeT8yeDMQMlpsGtdXShvJe/LphtFBZn9WqPNnvoQiI0kVo
b2yWLtS+7UdeWSEgChoKnBx7pUVR/Eyyl9ncuHA3qNc1wWrIWAGVIanqHN5GJl07
KTwYn+dPrln/YabbhZASwU7Re8tSARN/mFbvT74xqjJ91EgTyHY82N0G0XAo0wxb
XCnOfN9oWsO1Fr6W1VnQyJ795wLxlAm02TT7gj/So17WM9MK6Xy5Fx7a/PwUwz8T
EqoB6xuZLdlVzGc8GeDL80sBhZ4VGgrjC7dxhTMfyU7tDCvrxaHeuDtAbGrEZIb8
VTVPyN/vB3kCCEyRWWoY2q6GWH21iRNGLhKRoqb4zsMebwFBsfWYaGiL5sGyATzD
YmgT5Q0HfoTboQBfHSzZRHDNWFBVUOfY64Ut8QSiE7hFySjxrNqxctNt1OQEZZGZ
juMCd5GrXRnfkIPS/iIHoNWcg5YCjc1pEI/MbeSSQXA75zJI/HVOKJUSm6uTQ7Ar
xumHO0//mQ8zM/zWYSSG
=6Cvs
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
Archive: http://lists.debian.org/E1W1gBl-0005Hn-Cu@master.debian.org
|
|
|
|
